On June 29, 07:37, Sripathi Krishnan wrote:
> With GWT, you are isolated to the following attack vectors -
>
> 1. Using native eval()
> 2. Using setInnerHTML() methods
> 3. Using non-GWT JavaScript code/third-party JS libraries
> 4. XSS on the host HTML/JSP page
>
> Check-list to prev
With GWT, you are isolated to the following attack vectors -
1. Using native eval()
2. Using setInnerHTML() methods
3. Using non-GWT JavaScript code/third-party JS libraries
4. XSS on the host HTML/JSP page
Check-list to prevent XSS for GWT applications -
- Don't EVER use eval() di
Hey guys,
Most security papers I've read on the topic of XSS prevention suggest
escaping untrusted strings in a context-sensitive way in server side
templating languages. However I sense that it's different with GWT
(and any other JS applications) in that received data from a data
source can be us